nextech01
asked on
Security EventID 676
Currently the eventlogs on our Win2k SP4 server has a number of security logs in the middle of the night and they are referenceing eventID 676 with the info below.
Authentication Ticket Request Failed:
User Name: barbara
Supplied Realm Name: FNBHAYS.COM
Service Name: krbtgt/FNBHAYS.COM
Ticket Options: 0x40810010
Failure Code: 0x12
Client Address: 172.16.1.210
The usernames vary and sometimes are blank. Logins are disable from 7pm to 7am and there is nobody present on-site etc.
Any insight would be appreciated on what may be happening
Authentication Ticket Request Failed:
User Name: barbara
Supplied Realm Name: FNBHAYS.COM
Service Name: krbtgt/FNBHAYS.COM
Ticket Options: 0x40810010
Failure Code: 0x12
Client Address: 172.16.1.210
The usernames vary and sometimes are blank. Logins are disable from 7pm to 7am and there is nobody present on-site etc.
Any insight would be appreciated on what may be happening
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Service Ticket Request Failed:
User Name: FNBPDC$
User Domain: FNBHAYS.COM
Service Name: krbtgt/FNBHAYS.COM
Ticket Options: 0x2
Failure Code: 0x20
Client Address: 127.0.0.1
In this case the server name is FNBHAYS and happened at 5:17am and what is confusing is the username FNBPDC$ which may be a service but it is occuring on this server named FNBPDC.
Thanks